Security audit

Daxiang Agent Dispatch

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed multi-agent routing skill whose broad routing and prompt-forwarding behavior users should understand; the artifacts show no malicious behavior.

Install if you want automatic routing to specialist agents. Avoid putting secrets, private business data, or regulated personal information into prompts unless you are comfortable with that content being processed by routed sub-agents and logged as dispatch metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 87%

Finding
The routing regexes are broad, overlapping, and triggered by common terms such as '文档' (document), '会议' (meeting), or '总结' (summary), which can cause unintended dispatch to specialist agents. In this skill, unintended dispatch matters because raw user input is forwarded to other agents, potentially expanding access to sensitive prompts or data beyond what the user expects.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The dispatch flow forwards raw `user_input` to specialist agents via `spawn_agent(target, user_input, intent)` without any disclosed warning, minimization, or sanitization step. This is dangerous because users may provide secrets, personal data, or sensitive business context assuming only the main agent sees it, while the skill silently broadens data sharing across agents.

Missing User Warnings

Severity: Low
Confidence: 84%

Finding
The skill logs dispatch metadata including target, confidence, success, execution time, and retry count, but does not document logging behavior, retention, or access controls. While the sample log omits full prompt content, undisclosed telemetry can still expose operational patterns and potentially sensitive workflow metadata.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding
The routing regex uses broad, common terms like "search," "research," "study," and "learn" with no anchoring or contextual constraints, so many ordinary prompts can be routed to the research agent unintentionally. This can cause misrouting, inappropriate tool access, or bypass of the user's intended handling path, especially in multi-agent systems where downstream agents may have different capabilities or permissions.

Vague Triggers

Severity: Medium
Confidence: 89%

Finding
The writing route matches generic words like "write," "article," and "content," which are common in many unrelated requests and can trigger delegation too easily. In practice this increases the chance of incorrect agent selection and may expose prompts or actions to a sub-agent that was not intended to process them.

Vague Triggers

Severity: Medium
Confidence: 93%

Finding
The management route includes highly ambiguous terms like "task" and "manage," which overlap heavily with normal conversational language and can match a wide range of unrelated requests. This broad matching makes the routing policy unreliable and can redirect prompts to an agent with different behaviors, privileges, or external integrations than expected.

Vague Triggers

Severity: High
Confidence: 98%

Finding
The catch-all pattern ".*" matches every possible input and guarantees routing to "self" whenever higher-priority rules do not match cleanly, masking classification errors and eliminating specificity. In a security-sensitive agent system, unconditional catch-alls can undermine policy enforcement, make prompt-routing behavior unpredictable, and create a broad path for unintended processing of adversarial or sensitive requests.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.